R3166-R3206-HP High-End Firewalls Access Control Configuration Guide-6PW101
110
[Firewall–GigabitEthernet0/1] portal server newpt method redhcp
[Firewall–GigabitEthernet0/1] quit
Configuring Layer 3 portal authentication with extended
functions
Network requirements
As shown in Figure 80:
• Firewall A is configured for Layer 3 extended portal authentication. When users have passed
identity authentication but have not passed security check, they can access only subnet
192.168.0.0/24. After passing the security check, they can access Internet resources.
• The host accesses Firewall A through Firewall B.
• A RADIUS server serves as the authentication/accounting server.
Figure 80 Configure Layer 3 portal authentication with extended functions
Configuration procedure
NOTE:
• Configure IP addresses for the host, firewalls, and servers as shown in Figure 80 an
d ensure that they
can reach each other.
• Configure the RADIUS server properly to provide authentication and accounting functions for users.
Configure Firewall A:
1. Configure a RADIUS scheme
# Create a RADIUS scheme named rs1 and enter its view.
<FirewallA> system-view
[FirewallA] radius scheme rs1
# Set the server type for the RADIUS scheme. When using the IMC server, you need set the server type
to extended.
[FirewallA-radius-rs1] server-type extended